File permission vulnerabilities and Module::Pluggable
Simon Wistow
simon at thegestalt.org
Tue Jan 20 23:47:09 GMT 2009
Adam 'Alias' Kennedy has written a blog post about the 2009 CWE/SANS 25
Most Dangerous Programming Errors
http://use.perl.org/~Alias/journal/38319
in it he singles out "CWE-732: Insecure Permission Assignment for
Critical Resource"
http://cwe.mitre.org/data/definitions/732.html
and points out
"LOTS of Perl programs use Module::Pluggable, or have Plugin support of
some kind (including Padre), which is an exploit waiting to happen if we
aren't checking the permissions of the modules that we load.
I'm not sure if we already have something like this, but it would be
interesting to see things like Module::Pluggable coming with CWE-732
support by default (presumably with an option to disable it)."
So I've been thinking about adding that support however I'm slightly
conflicted at the moment about how it should work which is down to two
things -
1) At the moment M::P has no no-core dependencies so introducing one,
especially since it's dual-lifed at the moment makes me pause.
The two solutions I can see immediately are
* Make it optional dependency and the functionality only available if
File::PermissionCheck (or whatever it's called) is installed
* Make it part of the M::P distribution like Devel::InnerPackage.
2) I'm reluctant to turn that kind of checking on by default. Maybe if
this was the first release of M::P but I'm worried about people
upgrading and then stuff suddenly stopping working. This is
especially bad if it's an optional dependency since then some other
package could require it and a completely different module stops
working.
Thoughts?
Simon
More information about the london.pm
mailing list